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DECISION ON APPEAL 
Appellants appeal under 35 U.S.C. § 134(a) from the Examiner's 
rejection of claims 22-27. We have jurisdiction under 35 U.S.C. § 6(b). We 
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STATEMENT OF THE CASE 

Appellants' invention pertains to flexible automated access to virtual 

private networks (VPNs) based on selectable access criteria. Specifically, a 

network interface unit (NIU) is used in conjunction with a local area 

network (LAN) and a non-secure node of another network to establish 

secure communications via a VPN. See generally Spec. 1, 6, 7. Claim 22 is 

illustrative with the key disputed limitations emphasized: 

22. A method practiced at a network interface unit 
(NIU) directly connected to at least one local area network 
(LAN), said NIU also being connected to a non-secure node of 
a second network, which second network is in packet 
communication with at least one access node of a secure virtual 
private network (VPN), the method comprising 

receiving data packets from at least one device on said at 
least one LAN, 

multiplexing said data packets into at least one packet 
data stream, 

modifying said at least one packet data stream in a 
security server in said NIU in accordance with a secure 
communications protocol by encrypting packets in said at least 
one packet data stream and encapsulating resulting encrypted 
packets, and 

providing network destination address information from 
a Domain Name System (DNS) server for at least selected ones 
of said at least one packet data stream. 

The Examiner relies on the following as evidence of unpatentability: 
Liu US 6,079,020 June 20, 2000 

Larson US 2004/0107286 Al June 3, 2004 
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The Rejection 

The Examiner rejected claims 22-27 under 35 U.S.C. § 103(a) as 
unpatentable over Liu and Larson. Ans. 3-6. 1 

Regarding independent claim 22, the Examiner finds that Liu 
discloses a method practiced at a network interface unit (NIU) directly 
connected to a local area network (LAN) with all recited subject matter 
except for providing network destination address information from a 
Domain Name System (DNS) server as claimed. The Examiner, however, 
cites Larson as teaching this feature in concluding the claim would have 
been obvious. Ans. 3-5. 

Appellants argue that Liu does not teach or suggest a NIU directly 
connected to at least one LAN as claimed. Rather, Appellants contend, 
Liu's virtual private network (VPN) gateways are connected to a respective 
LAN through an associated router. Br. 10-11. Appellants add that there is 
no reason to provide network destination address information from a DNS 
server in Liu as the Examiner proposes since packets arriving at VPN 
gateways in Liu already have sufficient destination information, and the 
proposed modification runs counter to Liu's operation. Br. 12-18. 

The issues before us, then, are as follows: 

ISSUES 

Under § 103, has the Examiner erred in rejecting claim 22 by finding 
that Liu and Larson would have collectively taught or suggested a method 



1 Throughout this opinion, we refer to the Appeal Brief filed December 10, 
2007 and the Examiner's Answer mailed January 10, 2008. 
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practiced at a NIU directly connected to at least one LAN, where the NIU is 
also connected to a non-secure node of a second network? 

FINDINGS OF FACT 

1. Liu's system manages secure VPNs over public or other insecure 
infrastructures. A received command specifying an operation on a VPN is 
translated into configuration parameters for VPN gateways affected by the 
command. These configuration parameters are then transmitted to the 
affected gateways for configuration. Liu, Abstract; col. 1, 11. 8-12. 

2. VPN gateway 115 couples LAN 110 to public network 100 through 
router 114. Likewise, VPN gateway 125 couples LAN 120 to public 
network 100 through router 124. Liu, col. 5, 11. 60-65; Fig. 1. 

3. VPN management station 160 controls VPN gateways 115, 125, 
135 through commands and configuration information transmitted to the 
gateways via public network 100. Liu, col. 6, 11. 25-28; Figs. 1, 4, 5. 

4. VPN management station 160 includes a network interface card 
408 coupled to processor 400, memory 402, and storage unit 405 via bus 
401. Network interface card 408 also couples VPN management station 160 
to public network 100. Liu, col. 8, 11. 41-60; Fig. 4. 

PRINCIPLES OF LAW 
Generally, a preamble limits the invention if it recites essential 
structure or steps, or if it is "necessary to give life, meaning, and vitality" to 
the claim. . . . Conversely, a preamble is not limiting "where a patentee 
defines a structurally complete invention in the claim body and uses the 
preamble only to state a purpose or intended use for the invention." 
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Catalina Marketing Int'l, Inc. v. Coolsavings.com, Inc., 289 F.3d 801, 808 
(Fed. Cir. 2002) (citations omitted). See also Rowe v. Dror, 112 F.3d 473, 
478 (Fed. Cir. 1997) (noting that when the claim preamble recites structural 
limitations of the claimed invention, the USPTO must give effect to that 
usage). 

ANALYSIS 

This appeal hinges on two questions. First, must we accord patentable 
weight to the NIU connections recited in the preamble of independent 
method claim 22? And if so, does the Examiner's equating various elements 
in Liu reasonably correspond to these limitations? We answer "yes" and 
"no" respectively to these questions. 

The Examiner apparently takes alternative positions in interpreting the 
preamble of claim 22. On the one hand, the Examiner gives no patentable 
weight to the preamble's calling for the method to be practiced at a NIU 
since it allegedly recites the purpose of the process, and the body of the 
claim is said to not depend on the preamble for completeness. Ans. 8-9. 

On the other hand, the Examiner does give weight to the preamble, 
and asserts that Liu's network interface card 408 corresponds to the recited 
NIU and is directly connected to at least one LAN, namely LANs 110 and/or 
120. Ans. 9. 

Both of these positions are problematic. First, claim 22 
unambiguously requires practicing the method "at a network interface unit 
(NIU) .... directly connected to at least one local area network (LAN)," the 
NIU also is "connected to a non-secure node of a second network . . . ." As 
Appellants indicate (Br. 10), claim 22' s preamble does not merely state a 
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purpose or intended use of the invention, but rather is a concrete structural 
relationship between the recited components — structure that cannot be 
ignored. See Rowe, 112 F.3d at 478 (noting that when the claim preamble 
recites structural limitations of the claimed invention, the USPTO must give 
effect to that usage). 

Claim 22' s preamble also provides essential linking functionality with 
other recited steps in the claim, namely the "receiving" and "modifying" 
steps that refer to the LAN and NIU, respectively. These steps therefore 
depend on the preamble for completeness. Since the preamble of claim 22 is 
"necessary to give life, meaning, and vitality" to the claim, it must be given 
patentable weight. See Catalina Marketing, 289 F.3d at 808. 

But the Examiner's rejection falls short even when the Examiner gives 
the preamble patentable weight. Even assuming, without deciding, that 
Liu's network interface card 408 corresponds to the recited NIU with its 
security server capabilities, it is not directly connected to at least one LAN 
as claim 22 requires. The Examiner's assertion that Liu's network interface 
card 408 is directly connected to LAN 110 and/or LAN 120 (Id.) is simply 
untenable. 

As shown in Figure 4, Liu's network interface card is in the VPN 
management station 160 (FF 4) — a controller remote from LANs 110, 120, 
and hardly directly connected to these LANs. See FF 2-4. Although the 
VPN management station is ultimately "connected" to these LANs via (1) 
public network 100; (2) VPN gateways 115, 125; and (3) routers 114, 125 as 
shown in Figure 1 (FF 1-3), the VPN management station is intended to 
configure the VPN gateways (FF 1) and, in any event, is not directly 
connected to the LANs. 
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Notably, the Examiner relies on part of this "connection" to likewise 
satisfy the preamble's requirement that the NIU also be connected to a non- 
secure node of a second network, namely public network 100. Ans. 9. 
While we agree that the NIU of the VPN management station is connected to 
a non-secure node of the public network 100 as shown in Figure 4 (FF 4), 
there is still no direct connection to the LANs 110 and 120 as the Examiner 
asserts. Although Liu's network interface card is directly connected to a bus 
401 which interconnects a processor, memory, and a storage unit as shown 
in Figure 4 (Id.), the Examiner did not rely on this bus as corresponding to 
the recited LAN. Nor will we speculate that such a bus can constitute the 
recited LAN in the first instance on appeal. 

We therefore find that Liu fails to practice the recited method at a 
NIU directly connected to at least one LAN, where the NIU is also 
connected to a non-secure node of a second network. Nor has the Examiner 
shown that Larson cures this deficiency. As such, even if these references 
were combinable, they would still not teach or suggest the claimed 
invention. Since our decision in this regard is dispositive, we need not reach 
Appellants' arguments regarding the impropriety of combining the 
references. 

We are persuaded that the Examiner erred in rejecting independent 
claim 22, and dependent claims 23-27 for similar reasons. 

CONCLUSION 
The Examiner erred in rejecting claims 22-27 under § 103. 
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ORDER 

The Examiner's decision rejecting claims 22-27 is reversed. 
REVERSED 



Pgc 
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